HP PC Commercial BIOS (UEFI) Setup Whitepaper

August 2018
919946-003
© Copyright 2016-2018 HP Development Company, L.P.
5 Advanced Menu
5.6 Secure Boot Configuration Menu
Submenu to configure Secure Boot. Starting with Windows 8, Secure Boot is a UEFI feature that helps resist attacks and
infection from malware. The system ships from the factory with a list of keys that identify trusted hardware, firmware,
and operating system loader code, and with a list of keys that identify known malware.
Table 21 Secure Boot Configurations Menu features
| Feature | Type | Description | Default | Notes |
|---|---|---|---|---|
| Configure Legacy Support and Secure Boot | Setting | Legacy Support is the ability to boot from a non-UEFI device. Only UEFI devices can support Secure Boot. The following settings are possible: Legacy Support Enable and Secure Boot Disable; Legacy Support Disable and Secure Boot Enable; Legacy Support Disable and Secure Boot Disable. | OS Dependent | |
| Import Custom Secure Boot keys | Setting | When checked and system is rebooted, custom secure boot keys are imported from the EFI\HP directory from the Hard drive or USB device. The custom keys consist of PK, KEK, DB, and Dbx .bin files. When import succeeds or fails, a pre-boot prompt will appear showing the results of each key bin file. | Unchecked | Reboot Required |
| Clear Secure Boot Keys | One Time Action | When checked, clears the Secure Boot keys one time on next save and exit. This setting will be unchecked again, when you return from exit. This action is not available with Legacy Support enabled or when no keys are present, possibly from a previous clear command. | Unchecked | |
| Reset Secure Boot Keys to Factory Defaults | One Time Action | When checked, restores secure boot keys to factory defaults one time on next save and exit. This setting will be unchecked again, when you return from exit. | Unchecked | |
| Enable MS UEFI CA key | Setting | When checked, the Microsoft (MS) UEFI Certificate Authority (CA) key is trusted by Secure Boot. NOTE: Uncheck this to support Windows 10 Device Guard feature. | Checked | |
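
One way to confirm from the operating system whether the Microsoft UEFI CA is trusted after changing the Enable MS UEFI CA key setting (an added example, not part of the HP whitepaper): it parses a Secure Boot db variable in the EFI_SIGNATURE_LIST layout of the UEFI specification and looks for an X.509 entry naming that CA. It assumes the setting is reflected in the contents of db and that the CA can be recognised by the common-name string "Microsoft Corporation UEFI CA 2011"; the helper make_list and the sample blobs are constructed for the example.

```python
import struct
import uuid

# Signature type GUIDs defined by the UEFI specification.
EFI_CERT_X509_GUID = uuid.UUID("a5c059a1-94e4-4aa7-87b5-ab155c2bf072")
EFI_CERT_SHA256_GUID = uuid.UUID("c1c41626-504c-4092-aca9-41f936934328")
# Assumption: the CA is recognised by this common-name string in the DER bytes.
MS_UEFI_CA_CN = b"Microsoft Corporation UEFI CA 2011"


def parse_signature_lists(blob):
    """Yield (type_guid, owner_guid, data) for every entry in a PK/KEK/db/dbx blob."""
    off = 0
    while off < len(blob):
        if len(blob) - off < 28:
            raise ValueError("truncated EFI_SIGNATURE_LIST header at offset %d" % off)
        sig_type = uuid.UUID(bytes_le=blob[off:off + 16])
        list_size, hdr_size, sig_size = struct.unpack_from("<III", blob, off + 16)
        body = off + 28 + hdr_size          # first EFI_SIGNATURE_DATA entry
        end = off + list_size               # start of the next list
        if list_size < 28 + hdr_size or end > len(blob) or sig_size <= 16:
            raise ValueError("inconsistent sizes in list at offset %d" % off)
        if (end - body) % sig_size:
            raise ValueError("list at offset %d is not a whole number of entries" % off)
        for pos in range(body, end, sig_size):
            owner = uuid.UUID(bytes_le=blob[pos:pos + 16])
            yield sig_type, owner, blob[pos + 16:pos + sig_size]
        off = end


def trusts_ms_uefi_ca(db_blob):
    """True if any X.509 entry in db carries the MS UEFI CA common name (heuristic)."""
    return any(t == EFI_CERT_X509_GUID and MS_UEFI_CA_CN in data
               for t, _owner, data in parse_signature_lists(db_blob))


def make_list(sig_type, owner, entries):
    """Hypothetical helper: build one EFI_SIGNATURE_LIST from equal-sized entries."""
    size = 16 + len(entries[0])
    head = sig_type.bytes_le + struct.pack("<III", 28 + size * len(entries), 0, size)
    return head + b"".join(owner.bytes_le + e for e in entries)


# Constructed sample data: placeholder bytes stand in for real DER certificates.
OWNER = uuid.UUID("11111111-2222-3333-4444-555555555555")
DB_WITH_CA = (make_list(EFI_CERT_X509_GUID, OWNER, [b"\x30\x82" + MS_UEFI_CA_CN])
              + make_list(EFI_CERT_SHA256_GUID, OWNER, [b"\xaa" * 32, b"\xbb" * 32]))
DB_WITHOUT_CA = make_list(EFI_CERT_X509_GUID, OWNER, [b"\x30\x82Constructed Test CA"])
```

On Linux the live variable can be read from /sys/firmware/efi/efivars/db-d719b2cb-3d3a-4596-a3bc-dad00e67656f; drop the first four bytes (the variable attributes) before passing the rest to parse_signature_lists.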